an IP hijacking attempt
Mel Beckman
mel at beckman.org
Tue Mar 9 18:17:51 UTC 2021
It could just be a typo on the LOA. It seems unlikely any ISP would approve a forged LOA that could readily be debunked by contacting the IP space owner. The whole point of LOA’s is to facilitate this verification.
-mel via cell
> On Mar 9, 2021, at 10:01 AM, Brian Turnbow via NANOG <nanog at nanog.org> wrote:
>
> Hello everyone,
>
> We received a strange request that I wanted to share.
> An email was sent to us asking to confirm a LOA from a diligent ISP.
> The Loa was a request to open bgp for an AS , that is not ours, to announce a /23 prefix that is ours.
> So basically this entity sent to their upstream a request to announce a prefix from one our allocated ranges.
> We have the allocation correctly registered and ROAs in place , but it is worrisome that someone would attempt this.
> Obviously we have informed the ISP that the LOA is not valid and are trying to contact the originating party.
> Aside from RIRs for the offending AS and our IPs, Is there anywhere to report this type of activity?
> We have dealt with hijacking technically speaking in the past but this is the first time, to my knowledge, of someone forging a LOA with our IPs.
>
> Thanks in advance for any advice
>
> Brian
>
> P.S. a big thanks to Chris for checking the boxes before activating the filter if you are on the list!
>
>
>
>
More information about the NANOG
mailing list